Windows 2008 File Attributes

  • Archive - The directory or file has been changed since it was last backed up.
  • Compress - The directory or file is compressed on an NTFS volume. A directory or file cannot be both compressed and encrypted.
  • Encrypt - The directory or file is encrypted on an NTFS volume. A directory or file cannot be both encrypted and compressed. Encryption is provided by the Encrypting File System (EFS), which comes with and is installed automatically on Windows 2008 systems. The user who encrypted the file, or a local or domain administrator, can decrypt encrypted files. The administrator account is called a recovery agent because it has a global key which can decrypt any files. Group policy can be used to make other accounts recovery agents.
  • Hidden - The directory or file is invisible to a normal directory search and cannot be copied or deleted.
  • Index - The directory or file is indexed by the Windows Indexing Service on an NTFS volume. Once files are indexed, Windows Explorer can find files that contain specific phrases or words.
  • Read-only - The directory or file cannot be modified by writing to it or deleting it.
  • System - The directory or file is needed by the operating system. Files with this attribute set are read-only and hidden, even if those attributes are not set.

Encrypting File System

If a user encrypts files and then leaves, the administrator, as an EFS recovery agent, can decrypt the files. An EFS recovery agent has a certificate allowing them to decrypt files. The user that is a recovery agent can have their certificate removed and stored on a floppy until needed.

This prevents accidental viewing of secure files by unauthorized persons, even the administrator.

  • A recovery agent certificate can be requested using the MMC Certificates snap-in: type "mmc" on the command line, then select "Console", "Add/Remove snap-in", "Add", and finally "Certificates". A user may be made a recovery agent using this snap-in.
  • The administrative tool "Active Directory Users and Computers" is used to designate recovery agents.

The control panel "Internet Options" applet is used to remove EFS recovery agent certificates.
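
An added example, not part of the original page: a PowerShell function that lists every item under a directory whose Encrypt attribute is set, together with its owner, so an administrator can see which files would depend on a recovery agent if a user leaves. The function name Get-EfsInventory and the path in the usage comment are hypothetical, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: inventory EFS-encrypted items under a directory tree.
# Get-EfsInventory and its -Path parameter are hypothetical names.
function Get-EfsInventory {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    $encrypted  = [System.IO.FileAttributes]::Encrypted
    $compressed = [System.IO.FileAttributes]::Compressed

    # -Force includes Hidden and System items, which a normal listing skips.
    Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Attributes -band $encrypted } |
        ForEach-Object {
            # Assumption: the NTFS owner is only a hint at who encrypted the
            # item; it is not read from the EFS metadata itself.
            $owner = try {
                (Get-Acl -LiteralPath $_.FullName -ErrorAction Stop).Owner
            } catch {
                '<unreadable>'
            }

            [pscustomobject]@{
                Path           = $_.FullName
                Owner          = $owner
                IsFolder       = $_.PSIsContainer
                # Full flag list, e.g. "Archive, Encrypted"
                Attributes     = $_.Attributes.ToString()
                # Compress and Encrypt are mutually exclusive on NTFS, so a
                # True here points at a reporting problem worth checking.
                AlsoCompressed = [bool]($_.Attributes -band $compressed)
                LastWrite      = $_.LastWriteTime
            }
        }
}

# Usage (the path is a placeholder): count encrypted items per owner.
# Get-EfsInventory -Path 'D:\Shares' | Group-Object Owner | Sort-Object Count -Descending
```

Run it from an account that can traverse the tree; reading attributes and owners does not require the ability to decrypt the files.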